[Forgot Password]
Login  Register Subscribe

24437

 
 

132176

 
 

119400

 
 

909

 
 

97120

 
 

144

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2018-0414Date: (C)2018-10-08   (M)2019-01-09


A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.7CVSS Score : 3.5
Exploit Score: 2.1Exploit Score: 6.8
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: MEDIUM
Privileges Required: LOWAuthentication: SINGLE_INSTANCE
User Interaction: REQUIREDConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: HIGHAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
SECTRACK-1041688
BID-105289
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-acsxxe

CPE    7
cpe:/a:cisco:secure_access_control_server_solution_engine:5.4.0.46.6
cpe:/a:cisco:secure_access_control_server_solution_engine:3.3.1
cpe:/a:cisco:secure_access_control_server_solution_engine:5.5.0.36
cpe:/a:cisco:secure_access_control_server_solution_engine:3.3.2
...
CWE    1
CWE-611

© SecPod Technologies